Lucene search
K

14 matches found

EUVD
EUVD
added 2025/10/07 12:30 a.m.6 views

EUVD-2002-2079

Malware in sbrugna...

5CVSS6.4AI score0.11363EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2025/05/22 12:27 a.m.7 views

CVE-2012-6634

wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a postid value...

6.4CVSS6.5AI score0.02497EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/21 8:32 p.m.9 views

CVE-2002-2100

Microsoft Outlook 2002 allows remote attackers to embed bypass the file download restrictions for attachments via an HTML email message that uses an IFRAME to reference malicious content...

5CVSS7AI score0.11363EPSS
Exploits0References1
NVD
NVD
added 2022/03/30 4:15 p.m.27 views

CVE-2021-39740

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...

5.5CVSS0.00105EPSS
Exploits0References1
OSV
OSV
added 2022/03/30 4:15 p.m.6 views

CVE-2021-39740

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...

5.5CVSS5.9AI score0.00105EPSS
Exploits0References1
Cvelist
Cvelist
added 2022/03/30 4:2 p.m.26 views

CVE-2021-39740

In Messaging, there is a possible way to bypass attachment restrictions due to improper input validation. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android-12LAndroid ID...

6AI score0.00105EPSS
Exploits0References1
CVE
CVE
added 2022/03/30 4:2 p.m.88 views

CVE-2021-39740

CVE-2021-39740 affects the Android 12L messaging path. The issue arises from improper input validation in messaging, allowing an attacker to bypass attachment restrictions and cause local information disclosure without requiring user interaction or privileges. The vulnerability is categorized und...

5.5CVSS5.6AI score0.00105EPSS
Exploits0References1Affected Software1
The Hacker News
The Hacker News
added 2019/09/26 7:10 p.m.15 views

Outlook for Web Bans 38 More File Extensions in Email Attachments

Malware or computer virus can infect your computer in several different ways, but one of the most common methods of its delivery is through malicious file attachments over emails that execute the malware when you open them. Therefore, to protect its users from malicious scripts and executable,...

6.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2019/06/14 12:0 a.m.4 views

The vulnerability of the Microsoft Dynamics resource planning software, related to security configuration errors, allows a hacker to circumvent existing restrictions on embedded email files.

The vulnerability of the Microsoft Dynamics resource planning software is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to circumvent existing restrictions on email attachments by intercepting POST requests...

5.9CVSS5.5AI score0.02762EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2014/11/24 3:59 p.m.15 views

CVE-2014-8988

MantisBT before 1.2.18 allows remote authenticated users to bypass the $gdownloadattachmentsthreshold and $gviewattachmentsthreshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download...

4CVSS5.2AI score0.01951EPSS
Exploits0References8
Prion
Prion
added 2014/11/24 3:59 p.m.18 views

Cross site request forgery (csrf)

MantisBT before 1.2.18 allows remote authenticated users to bypass the $gdownloadattachmentsthreshold and $gviewattachmentsthreshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download...

4CVSS6.5AI score0.01951EPSS
Exploits0References8Affected Software1
UbuntuCve
UbuntuCve
added 2014/11/24 3:59 p.m.25 views

CVE-2014-8988

MantisBT before 1.2.18 allows remote authenticated users to bypass the $gdownloadattachmentsthreshold and $gviewattachmentsthreshold restrictions and read attachments for private projects by leveraging access to a project that does not restrict access to attachments and a request to the download...

4CVSS5.9AI score0.01951EPSS
Exploits0References3
CVE
CVE
added 2014/11/24 3:0 p.m.59 views

CVE-2014-8988

CVE-2014-8988 affects MantisBT

4CVSS5.2AI score0.01951EPSS
Exploits0References8Affected Software1
seebug.org
seebug.org
added 2014/06/17 12:0 a.m.19 views

Discuz跨域数据劫持+附件类型限制绕过

简要描述: 两个凑一块发了 详细说明: 1 跨域数据劫持(csrf token formhash盗取) 下载远程附件功能不会对文件内容(文件格式)进行检测导致可以上传恶意的swf文件(扩展名还是图片扩展名),进而进行跨域数据劫持: 伪造图片CrossDomainDataHijack.jpg相关代码: package com.powerflasher.SampleApp import flash.external.ExternalInterface; import flash.display.Sprite; import flash.display.Sprite; import...

7.1AI score
Exploits0
Rows per page
Query Builder